To comply with the Data Protection Act (1988) and General Data Protection Regulations (GDPR), which came into effect on 25th May 2018, the Society has taken the following steps.
The Society processes personal data for recreational reasons only. It is exempt from registration, although it is still required to comply with the GDPR. This was determined by completing the ICO’s online Registration Self-Assessment questionnaire.
Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
The Society is also obligated to carry out a few simple procedures as described below.
In line with these principles and procedures, the following notes describe the policies and practices adopted by the BAHS and how they may affect our members and visitors (individuals who have signed up to our information service).

Why Is Data Held on Individuals?
The GDPR refers to various reasons for which data on individuals may be held. The BAHS holds data on individuals for two reasons.
When the BAHS contacts present members, past members and/or visitors, we do so as they have shown a legitimate interest in BAHS activities. For present members, contact may be made to fulfil the legal obligation relating to their BAHS subscription.

Opt In/Opt Out?
Past and present members may opt out of email contact at any time. Past members and visitors may also request that their details be removed from the BAHS system. Present members may also request that their details be removed from the BAHS system, although this will mean their subscription is terminated. No subscription payments will be reimbursed in this situation.

Data Held
The data held by the BAHS on members and visitors is used by committee members to:
The Society does not share or sell your data to other organisations or third parties. The data is held in a secure area of our website only accessible by members of the BAHS committee. To assist in the running of the Society, the committee may download data from the website and print it out. This does not (in fact cannot) include passwords used by members. The data held by the Society may be used by the BAHS committee to assess trends and guide decision making. Committee members are responsible for the safekeeping of data they download. Examples of data downloaded and printed by committee members are address labels, membership lists and subscription lists. The data held by the Society covers:

Data NOT Held
Please note the Society doesn’t hold data such as credit card details.

Individual’s Rights
The GDPR provides the following rights for individuals:
If a member wishes to access their data they may do so by:

Members’ Area
Through the secure Members’ Area it is possible for members (with an email address) to log in to check their subscription history, if any. They may also review the personal data held by the Society and update it as required.

Passwords
Members are advised to use a unique password for access to the BAHS website. However, we understand this isn’t the easiest thing to do. So members are advised, at the minimum, that to reduce risk they should not access the BAHS website with a password that they use elsewhere on sensitive or secure websites, such as financial websites (e.g. banking) or cloud file management websites/systems (e.g. Dropbox), which if hacked could cause a financial loss or a leak of important personal data.

Security
When members use the Members’ Area, notification emails (covering actions such as login, logout or updating personal details) are sent to the login email address. If a member receives such an email and they hadn’t used the Members’ Area, they should email the webmaster as it implies a possible security issue. If you do not receive these emails when using the Members’ Area, please check that they are not going into a junk or spam folder. Whilst it isn’t recommended by the Society, it is possible to disable the receipt of notification emails.
Membership data held on the website is accessible only by logging in using strong passwords that are stored using one-way encryption techniques using a 256-bit hash known as SHA256. Changes to membership data held on the website are recorded in an audit trail accessible by the webmaster.

Further Information
If you have questions or concerns about how the Society uses the data it holds on you, please email the webmaster, who has been nominated by the BAHS Committee as the Society’s Data Protection Officer.